Java EE Application Role Mapping

In the Java EE/Servlet security model, a client may be defined in terms
of a security role. For example, a company might use its employee database
to generate both a company-wide phone book application and payroll information.
While all employees might have access to phone numbers and email
addresses, only some employees would have access to the salary information.
Employees with the right to view or change salaries might be defined as having
a special security role.

A role is different from a user group in that a role defines a function
in an application, while a group is a set of users who are related in some
way. For example, members of the groups astronauts, scientists, and pilots
all fit into the role of SpaceShuttlePassenger.

In Sun Java System Web Server 7.0, roles correspond to users, groups, or both,
configured in the active realm.
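
The following is an added example, not taken from the original page, of how the SpaceShuttlePassenger role could be declared in the application and mapped to realm users and groups. It assumes the standard web.xml and sun-web.xml deployment descriptors; the URL pattern and the user name flight-surgeon are hypothetical.

```xml
<!-- Fragment of WEB-INF/web.xml: the application declares the role and
     restricts a resource to it. The application only knows the role name,
     not who holds it. The URL pattern is hypothetical. -->
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Passenger manifest</web-resource-name>
      <url-pattern>/manifest/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>SpaceShuttlePassenger</role-name>
    </auth-constraint>
  </security-constraint>

  <security-role>
    <role-name>SpaceShuttlePassenger</role-name>
  </security-role>
</web-app>

<!-- Fragment of WEB-INF/sun-web.xml: the deployer binds the role to
     groups and users that exist in the active realm. Group names come
     from the example in the text; the principal name is hypothetical. -->
<sun-web-app>
  <security-role-mapping>
    <role-name>SpaceShuttlePassenger</role-name>
    <group-name>astronauts</group-name>
    <group-name>scientists</group-name>
    <group-name>pilots</group-name>
    <!-- A single user granted the role without belonging to any group -->
    <principal-name>flight-surgeon</principal-name>
  </security-role-mapping>
</sun-web-app>
```

When reviewing a deployment, check that every role named in an auth-constraint has a mapping and that each mapped group contains only users who should hold that function, since adding a user to a mapped group in the realm grants the role without any change to the application.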